×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VPN Concentrator 3080

Unanswered Question
Jul 15th, 2002
User Badges:
  • Gold, 750 points or more

1. One of the default user in VPN 3080 is 'config'. If this user is given the following access rights, it still couldn't to access 'File Management' area, with message "You do not have sufficient authorization to access the specified page."


Authentication="View Config"

General="View Config"

SNMP="View Config"

Files="List Files" or "Read Files" or "Read/Write Files" access.


* user authen. based on local profile in VPN box.

No external authentication server is in used.


2. If access to VPN box is authenticated by TACACS+, can I used local admin ID to access my VPN unit in case the TACACS+ server is down, which is similar to router or pix?


3. When TACACS+ is in used, access to the VPN Concentrator manager using the same admin ID is not allow for simultaneous access at the same time.However, when local database (default VPN DBase) is being used, it allows multiple access/login to the same box, at the same time, using the same ID. What is the difference (and inconsistency) between TACACS+ and local VPN database, as TACACS+ is more secure to be used.


4. VPN 3080 Concentrator exports the log file to an FTP server when the buffer is full. Is it possible to periodically export the log file with the following options:

(a) Daily - export & generate a new log file at 12:01 am local time every day.

(b) Weekly - export & generate a new log file at 12:01 am local time every

Sunday.

(c) Monthly - export & generate a new log file at 12:01 am on the first day of

every month.



Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gfullage Mon, 07/15/2002 - 22:23
User Badges:
  • Cisco Employee,

1. Only the user marked as Administrator can actually get into the whole Administration section, and you cna only have one user configured as the Administrator. Once the admin can get into that section, you can then give them only certain rights to files, etc. And yes, that is pretty useless because they can then just go in and change those rights because they're the administrator.


2. No. If the TACACS server is down, the only access is via the console port. You can add backup TACACS servers into the list, but if the concentrator reaches the bottom of the list, it denies the access.


3. What error do you get in the log on the concentrator? Have you verified that you don't have a limit of one login set on the TACACS server?


4. No, no and no.

Actions

This Discussion